<…>
I’d also consider severely changing the mobile phone number, in order to reduce the sim-swapping vector of attack. It’s not pretty to do, specially the more tied your phone is to services and verification processes, but it’s something to ponder heavily. In the process, I’d make sure the substitute phone number is completely new (and not some recycled number provided by the telephone network operator). You are probably going to need both numbers operative for a while to complete the process (verification sms do get sent to both numbers with some entities).
Pain in the ass though, but a clean contact start every now and then is probably healthy.
It is really best to not have your phone number be a method to verify your identity or authenticate your access. Last year, Jack Dorsey (the founder of Twitter), had tweets
sent on his behalf because someone was able to impersonate his phone number. Changing your number would potentially allow an attacker to have legitimate access to your old phone number, and might be able to impersonate you. I am also not sure how easy it is to get a previously unused phone number.
I would rather use google authenticator or some other time based code as a means of authentication.
